I've been struggling with this for two weeks. I am trying to set up an application in AWS, but cannot reach the EC2 instance. I've tried using the Visual Studio publication package, building an environment in EBS, building a server in EC2, connecting to the site via DNS and public IP, both in a browser and with ping, curl, trace route, and last with a RDC. I've tried nearly every combination of the above, and it seems like I am getting stuck on a firewall, somewhere. Trace route ends on 54 or 205, which belong to Amazon.
The obvious solution seems to be that I am not using security groups correctly, but nothing seems to work. I've tried opening up TCP, HTTP, SSH, HTTPS, UDP, and RDP, both to all addresses and my own IP, as well as opening up the scary All traffic from Anywhere. I usually just alter the group listed in the EC2 instance description, in the EC2 console, but have tried changing everything that is not an AWS group with the "Do not change or delete" warning.
I've only been developing for a couple of years, and assume that I'm missing something obvious, but I've never had this much trouble with hosting, and am completely stumped.
Related
I have 5 EC2 servers in the same VPC and all of a sudden yesterday, all of my applications started failing to send email and sms. So I tried doing git pull of my project it also timed out. Then tried to install telnet using yum that to failed with Time out. I have checked almost everything including Network ACLs, Security Groups, Subnets, Iptables, etc and everything is correct. I am not sure why is this happening.
The weird thing is if I reboot the server once the internet comes for a brief amount of time and again it disconnects.
Attaching below are the errors I am facing:
Error while Generating the Tiny URL. Error: {"errno":-110,"code":"ETIMEDOUT","syscall":"connect","address":"XXX.XX.XXX.XX","port":443}
Error SendEmail UnknownEndpoint: Inaccessible host: `email.ap-south-1.amazonaws.com'. This service may not be available in the `ap-south-1' region.
Attaching screenshots of my Network ACLs, Security Groups, Subnets, and iptables:
Please help with what am I doing wrong or if is this an issue with AWS EC2? My goal is to make sure my application works without timeout and git and yum starts working.
Did you try terminating and reprovisioning the instances, rather than rebooting them? There may be some problem with the underlying hardware. When you terminate and recreate an instance, it will likely end up in a different rack in the datacenter, which may solve the problem.
If the above helps, you should consider setting up an application load balancer with an auto scaling group, with health checks enabled for both, so that the auto scaling group terminates unhealthy instances and replaces then with the new ones automatically.
You may also consider using Simple Notification Service and stop worrying about underlying compute for e-mail and sms distribution altogether!
I have two EC2 instances running Windows. They are both in the same security group which allows for all outgoing ports, but only RDP ports from my IP. What I can't figure out is that both, to my examination, have the same security and networking settings, but one connects through RDP but the other one doesn't.
Any suggestions for settings to look at?
After a few attempts of download the .rdp file, checking the inbound rules, running nslookup myip.opendns.com resolver1.opendns.com to see my IP just to make sure I wasn't going crazy.
Ultimately what solved the problem was restarting my own computer and running the .rdp file. Not sure why, but maybe my computer was sending stale configuration data.
I have a running instance on the Linux 2 AMI.
I have a default VPC and network interface.
Security groups taken care of, even opened all traffic and still got nothing.
There is an Internet Gateway
Routes are open on the VPC
The server is running
nginx is running
Once the instance is initiated and installed, all of this is ready
I can reach the http website the first 2-3 minutes, then it is unreacheable.
No idea why, everything else still running, can still ssh into the server, but http port 80 not running.
I opened everything from iptables, still nothing.
If I reboot the server, I get a minute where I can reach the server via http, but then a minute later its the same again.
I can reach http if I use $ wget http://localhost
So I think it is probably something from the EC2 control panel, not the instance itself.
I tried on new instances too.
Anyone has an idea?
The reason behind this weird behavior was that AWS abuse team had blocked some of my ports, had to upgrade to the developer plan to be able to know this, contacting them at the moment
I am deploying a laravel installation in AWS, everything runs perfectly when I allow it to recieve all inbound traffic (EC2>Network&Security>Security Groups>Edit inbound rules.), if I turn off inbound traffic and limit it to an IP it doesnt load the webpage it gives me this error:
PDO Exception SQLSTATE[HY000] [2002] Connection timed out
However for security reasons I dont want this setup like this, I dont want anyone being able to even try to reach my webapp. Everything is being hosted in AWS, I dont have any external entities, its running in RDS and EC2. I added en elastic IP address and whitelisted it, but that didnt work either. I followed every step in this tutorial : http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/php-laravel-tutorial.html#php-laravel-tutorial-generate
Environmental variables are working as well as dependencies, well.. pretty much everything unless I restrict inbound traffic as I mentioned.
How do I whitelist AWS own instance then to make this work with better security?
Thank you!
I think part of this answer is what you may be looking for.
You should enable inbound access from the EC2 security group associated with your EC2 instance, instead of the EC2 IP address.
More than just adding an elastic IP address to your AWS instance you need to do two more things.
Assign the elastic IP to your AWS instance ( yes is not the same as just adding it to the instance, you must specify )
White list the internal IP that it generates once you link it to your app.
?????
Profit
I have a load balancer and EC2 instance with AWS. I had problems with e-mail restrictions and was recommended to use an elastic IP. I then read somethere that you can't use elastic IP and a load balancer so I removed the elastic IP. I can no longer access my instance even when I've rebooted it and waiting 2 hours later. I can ping it (after enabling ICMP with network security) but I can't SSH or go to the web server. All the network settings remain, which included allowing TCP ports for HTTP and SSH. Does anyone know what has happened to make port 80 and 23 no longer accessible? This is a real nightmare for me because I did a bit of a marketing campaign, got increased traffic, noticed emails weren't getting sent, then in an attempt to fix that I've screwed the server completely so the website is down at the worst possible time :(
I fixed it all up. This isn't a direct solution to the problem, more like a workaround. I couldn't connect to that server no matter what, so I created a new instance and that worked. It was as if the Linux server itself was corrupt, not the AWS settings. I detached the volume from the old instance and attached it as a secondary volume on the new instance. When I logged into the new instance I was able to mount the secondary volume as a new drive and I just copied the files over that way. I don't have a bloated server so this wasn't really a big deal to pull off. Anyway, if you can't log in to a server anymore, you can always mount it to a new instance and access it via the file-system